Security and Password requirements for Sabre® Community Portal
Many businesses are continually assessing their level of security to help ensure a safe environment for their employees, customers and overall business operations.
Sabre Airline Solutions® is among them, especially in regard to the Sabre® Community Portal.
The Sabre® Community Portal is a one-of-a-kind Web environment that provides access to profile-driven information. This means you only have access to applications, information, training, news and alerts that are applicable for the solutions you use. Therefore, during the last few years, security enhancements have been and will continue to be a key part of our Community Portal releases and updates.
Some of the PCI-compliant security features we have employed to help keep the portal a safe environment for everyone include:
Users
- Two-step registration process: Registration for the Sabre® Community Portal requires two steps, including having and validating company e-mail domains to help certify registration requests.
- Security questions: Upon registration, you must select and provide answers to unique security questions that you can answer whenever you need to reset your passwords.
- For data security purposes, Sabre Community Portal customers are required to configure any connecting devices with an idle session screen lock of 15 minutes or less, with reentry of the user’s device password required to resume the session.
- Account/access approval process: All user requests for product access are reviewed by Sabre Airline Solutions in conjunction with your airline. Requests are approved or denied based on your job function and access needs.
- User email validation can be done either manually at the Administrator's discretion or can be automated to be validated every configurable number of days. The number of days can be configured per customer. If a user does not respond within 21 days, their account will be locked.
- Login, account and password management: Along with your unique account, you must create unique passwords that meet best-practice security standards, and you must update your passwords every 30-60 days (depending on user role). User accounts expire after 60 days of inactivity and require you to contact your local administrator to reactivate your account.
- Users are forced to change passwords every 30-60 days (depending on user role). Users are notified to change the password during the 7 days before it expires. If the user ignores the notifications, a password reset is forced after these 7 days.
- Users are forced to change password if the password was changed by Administrator.
- Delegated administration – For airlines electing delegated administration, designated personnel are granted authority to manage their airline users’ accounts and regularly audit users for the products the customer delegated administrators have been given access to approve.
- Terms and conditions: You must review and accept the terms and conditions of Sabre Community Portal use to gain access. Terms and conditions need to be accepted every 365 days, or whenever a user gets access to new applications or there is a change in user access level.
Sabre Airline Solutions Administration
- Logging and tracking user activities by event: Detailed user activity on the portal is tracked and stored in the portal. We monitor and address unusual activity via standardized and customized reports, which are only for internal use.
- Automated account on- and off-boarding: For airlines electing to integrate their personnel systems with the Sabre Community Portal, user accounts can be created, modified and disabled automatically as employees join or leave an airline.
- Bulk account provisioning: When requested and confirmed by an airline, user accounts can be added, modified, provisioned or disabled quickly in large batches by the Community Portal team. This method is recommended for customer/initial product implementation.
- Single-sign-on federation: For airlines electing to integrate their systems with the Sabre Community Portal, users can gain direct and seamless access to the portal and their hosted applications by logging into their airline website.
- Delegated administration: For airlines electing delegated administration, specific airline personnel are granted authority to manage their airline users' accounts and regularly audit users for the products the customer-delegated administrators have been given access to approve.
- Account disabling: Accounts can be disabled so users can no longer access the Sabre Community Portal. This feature is automatically employed if there is no activity for 90 days and/or by request when employees are off-boarded. The user's account data and history are stored in the portal for a minimum of three years.
- Security scans: The portal runs several different security scans throughout the year to detect and report vulnerabilities and potential holes, including:
  - Monthly TrustWave external network security scan,
  - Quarterly penetration scans run from in/outside the network,
  - Security vulnerability scans run at application level with each release.
- Additional security measures are:
  - PCI-compliant password authentication,
  - Fine-grained product-level authorization for content and Sabre Airline Solutions-hosted access,
  - Pages built using frameworks that guard against Web app vulnerabilities (SQL Injection, CSRF, XSS, etc.),
  - Changes to code are reviewed with security in mind.
- Secure infrastructure/architecture design and development practices: Various security steps are built in and/or taken to prevent vulnerabilities and help ensure user authorization.
We continually add more security features, so look for more information in future portal updates. It's our commitment to help ensure a maximum level of security is in place for you and us.
Password Requirement/Policy
- Password must be at least 12 and no more than 100 characters in length.
- Password must consist of the following: lower case letters, upper case letters, digits and special characters.
- Password must be different from recently used passwords.
- Password cannot contain whitespace characters.
- Password cannot contain the user's email.
- Password cannot contain the user's first name.
- Password cannot contain the user's last name.
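The rules above expressed as a validator. This is an added example, not Sabre's code. It assumes that name and email matching is case-insensitive, that a "special character" is anything that is neither alphanumeric nor whitespace, and that recently used passwords are kept as salted PBKDF2 digests; the names policy_violations and history_digest are hypothetical.

```python
import hashlib
import hmac

MIN_LEN, MAX_LEN = 12, 100  # length limits stated in the policy

def history_digest(password: str, salt: bytes) -> bytes:
    # Assumption: password history is stored as salted digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def policy_violations(password, email, first_name, last_name, history=()):
    """Return the list of violated rules (empty list = acceptable).

    history is an iterable of (salt, digest) pairs for recently used passwords.
    """
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        # Whitespace is excluded so that a space cannot satisfy this class.
        "special": any(not c.isalnum() and not c.isspace() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if any(c.isspace() for c in password):  # also catches tabs and Unicode spaces
        problems.append("whitespace")
    folded = password.casefold()
    for label, value in (("email", email), ("first name", first_name),
                         ("last name", last_name)):
        value = value.strip().casefold()
        # Skip empty profile fields: "" is a substring of every password.
        if value and value in folded:
            problems.append(f"contains {label}")
    for salt, digest in history:
        # Constant-time comparison of the candidate against each stored digest.
        if hmac.compare_digest(history_digest(password, salt), digest):
            problems.append("recently used")
            break
    return problems

if __name__ == "__main__":
    # Constructed sample user and passwords, for illustration only.
    user = ("ana.silva@example.com", "Ana", "Silva")
    for candidate in ("Tr4vel-Gate#2031x", "AnaLovesPlanes#2024", "Short1!a"):
        print(candidate, "->", policy_violations(candidate, *user) or "ok")
```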